Kaspersky's explanation for possessing secret NSA cyberweapons is a doozy


#1

Originally published at: https://boingboing.net/2017/10/25/the-wages-of-sin.html


#2

Microsoft does that too. I’ve switched that off, but it’s probably one of those settings that is bumped back on “accidentally” from time to time in Windows updates.


#3

Yeah, I really still see no reason to trust them with my computer.

Since I have to trust Microsoft by default if I’m running Windows I’ll just stick with Windows Defender.

Anti-virus software tends to make a computer a bit less secure due to either mistakes or the fact that they are all now man-in-the-middle attacking TLS so they can scan your web traffic.

One thing I have learned over the years in software security is that parsing is hard so adding yet another program to parse everything and expect them to make no mistakes is not a good idea.

So when you throw on top of all this the current cyber war that appears to be going on between the United States and Russia, it is just the cherry on this pile of ugly.

I understand Mr Kaspersky is a great guy but this is all a big bucket of nope.


#4

So if Kaspersky’s story is 100% correct and true, then what they’re saying is that they deliberately decline to protect their clients from detected malware when they believe that malware to be state sponsored?


#5

Kaspersky’s been around for a long time, long before the current wave of Russian hijinks. When I got my first laptop back in 2001, I replaced the stinking refuse heap that was McAfee AntiVirus with Kaspersky. It had great reviews, and it worked just fine for me. I can confirm that it collected questionable files for analysis, many antivirus programs do, including the one I use now, ESET. (I was talked into trying it when I bought my new laptop. It works just as well, and ESET has free tech support calls if you get hit with something really nasty and need help.)


#6

I just use Windows Defender now (KISS) but I see Kaspersky as one of the good guys. It seems like they’ve always been at the forefront of security research and shining light on the internet’s cockroaches.


#7

Wait, how do you get that from the story?


#8

Like @Cunk said, that’s not a logical conclusion of anything in the article. What Kaspersky said they did was once they realized that the code in question was an early version of code they had already found in the wild, they deleted it. They detected it in the first place because they were already detecting the wild versions of it.

So, their customers were already being protected from the released form of the malware.


#9

Having a blag copy of MS Office as a cyber-security professional is a clear demonstration of either incompetence or malfeasance.

Is Harold Thomas-Martin honestly expecting people to believe a contractor for the NSA cannot either afford to buy the product or get a copy through his work, rather than forgoing it (or getting another equivalent product), and did not understand the risks of him conducting a full scan on a system with dubiously sourced product and information about that scan leaving his system as a cyber-security specialist?

Then again he could just be a special kind of dumb…


#10

Reminder: Don’t pirate software guys. There’s a lot more at stake than saving a few bucks these days.


#11

He transferred classified US government malware to his unsecured home computer. Yeah, I think we can go with ‘special kind of dumb’.


#12

The part of the story not stated here is that Kaspersky itself apparently was hacked, which is how the malware uploaded to them got out into the wild, including into the hands of ransomware specialists. So that alone makes them untrustworthy in my book, not to mention that in present-day Russia, private companies really are not independent of the Russian government, which itself cannot be trusted.


#13

Russian hijinks have been around for a long time too.

That said this is a fairly plausible explanation when you get right down to it. I hadn’t caught before that the NSA tools Kaspersky “had in its possession” were the same ones from the already solved leak situation.

People with technical know-how, and in powerful positions frequently do pretty numskulled things. The line of thinking (if there is any) seems to be along the lines of “I’m so good/connected, and they’re such idiots, they’ll never know even if I put it on an unsecured home computer”. Sort of an un-earned assumption of superiority. Thinking you’re better than everyone else. Either in general or at something specific. Tends to go along with the assumption that other people are incompetent or oblivious.


#14

This story seems pretty typical of how such things happen.

But why does anyone need to “steal” software made with taxpayer money? State secrets are anathema to democracy, and those who strive to implement such secrets need to be dealt with as the seditious, insurrectionary elements that they are.


#16

Debug-enabled versions of a given program are more valuable than regular ones, since they have symbols and everything. It would have been negligent of Kaspersky not to store these versions; besides, it’s not like they are out of disk space.


#17

I still trust Kaspersky on this one. A cyberweapon is not much use if it only takes a unique form. They ought to change their own code, so it is hard to recognize. So every particular weapon will have thousands or millions of variants in the wild. What’s the odds someone in the NSA will effectively post them their version with the original comments? Is it worth keeping every variant?

Okay, if Kaspersky were smart - and they are - then they may have kept a copy too, and just said it was automatically flushed. But they don’t need the comments at this stage.


#18

And, if the Russian government (or anyone else) hacks Kaspersky and gets access to these reports, then that is a liability for Kaspersky. There is a cost to them for keeping things, so there is a valid reason to not keep samples longer than they need to do their analysis.


#19

You don’t have to trust Microsoft by default. You can always run a Mac (if you trust Apple), or one of the many free Unix variants instead.


#20

I wouldn’t rule out espionage as a possible motive here. While I don’t think he was trying to exfiltrate data via an AV scan (that’s just way too overcomplicated), there’s a chance he had the files in the first place because he was planning to sell them to some foreign government or criminal organization. This guy was clearly kind of dumb, but also possibly malicious.